How to throttle login attemps in Java webapp?

Posted by Jörn Zaefferer on Stack Overflow See other posts from Stack Overflow or by Jörn Zaefferer
Published on 2009-01-19T13:33:23Z Indexed on 2010/04/10 14:53 UTC
Read the original article Hit count: 611

Filed under:
|
|
|

I want to implement an efficient mechanism to throttle login attemps in my Java web application, to prevent brute-force attacks on user accounts.

Jeff explained the why, but not the how.

Simon Willison showed an implementation in Python for Django: That doesn't really help me along as I can't use memcached nor Django.

Porting his ideas from scratch doesn't seem like a great either - I don't want to reinvent the wheel.

I found one Java implementation, though it seems rather naiive: Instead of a LRU cache, it just clears all entries after 15 minutes.

EHCache could be an alternative for memcached, but I don't have any experience with it and don't really want to intoduce yet another technology if there are better alternatives for this task.

So, whats a good way to implement login throttling in Java?

© Stack Overflow or respective owner

Related posts about java

Related posts about login